You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2019/03/12 16:26:14 UTC

[GitHub] [nifi] bbende commented on a change in pull request #3360: Documentation : ConsumerKafka_2_0 - updated configuration details re…

bbende commented on a change in pull request #3360: Documentation :  ConsumerKafka_2_0 - updated configuration details re…
URL: https://github.com/apache/nifi/pull/3360#discussion_r264765536
 
 

 ##########
 File path: nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-2-0-processors/src/main/resources/docs/org.apache.nifi.processors.kafka.pubsub.ConsumeKafkaRecord_2_0/additionalDetails.html
 ##########
 @@ -112,16 +126,59 @@ <h4>SASL_PLAINTEXT - PLAIN</h4>
       password="nifi-password";
     };
             </pre>
+        The JAAS configuration can be provided by either of below ways
+        <ol type="1">
+            <li>specify the java.security.auth.login.config system property in
+                NiFi's bootstrap.conf. This limits you to use only one user credential across the cluster.</li>
+            <pre>
+                java.arg.16=-Djava.security.auth.login.config=/path/to/kafka_client_jaas.conf
+            </pre>
+            <li>add user attribute 'sasl.jaas.config' in the processor configurations. This method allows one to have multiple consumers with different user credentials or gives flexibility to consume from multiple kafka clusters.</li>
+            <pre>
+                sasl.jaas.config : org.apache.kafka.common.security.plain.PlainLoginModule required
+                                        username="nifi"
+                                        password="nifi-password";
+            </pre>
 
 Review comment:
   Can we make a note right after this pre element and say that the password will be stored in plain-text in the flow.xml.gz? I want to make sure users are aware that this value won't be secured in any way.
   
   Here is the text I would use...
   
   > NOTE: The dynamic properties of this processor are not secured and as a result the password entered when utilizing sasl.jaas.config will be stored in the flow.xml.gz file in plain-text, and will be saved to NiFi Registry if using versioned flows.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services